Description

Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint. The application fails to properly sanitize user input, allowing injection of arbitrary code

INFO

Published Date :

2026-04-28T00:00:00.000Z

Last Modified :

2026-04-29T15:12:54.248Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2026-38949 vulnerability.

Vendors Products
Danpros
  • Htmly
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-38949.

URL Resource
https://github.com/Chittu13/cve-research/blob/main/CVE-2026-38949/README.md cve-icon cve-icon cve-icon
https://github.com/danpros/htmly cve-icon cve-icon
https://youtu.be/3e-tzUMCox8 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System